#/bin/bash
#/dev/null 2>&1
FOLDER='/var/log/'
#MONITORED_LOG='/home/marius/test/auth.log'
MONITORED_LOG='/var/log/auth.log'
TEMP_LOG='/tmp/auth.log'
OUR_LOG='/var/log/black_ips.log'
TMP_LOG='/tmp/black_ips.log'
#approx 4 hours

TIME_TO_DENY=172800
#each hour
TIME_TO_CKECK=1800
NN=0


function clean_rules()
{   
    echo "-cleaning up all ip tables"
    for ip in `ufw status | grep DENY | awk '{print $3}'`; do
        ufw delete deny from ${ip}
    done
     ufw status numbered
    exit
}

function valid_ip()
{
    local  ip_black=$1
    local  ip=$1
    local  stat=1
    
    echo "-converting ${1} to"

    if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
        ip_black=$ip
    else
        ip_black=`nslookup ${ip} | egrep 'Address: ' | awk '{print $2}'`
    fi
    echo "-ip converted ${ip_black} to"
    return $ip_black
}


function log_ip()
{
    if ! grep -q ${1} ${OUR_LOG}; then
        
        cur_time=$(date +%s)
        echo $cur_time $1 >> ${OUR_LOG}
        dt=`date`
        
        if [[ ${1} != "99.238.102.190" ]];then
		echo "${dt}-adding ip to iptables ${1} "
		sudo ufw deny from ${1}
	fi	
    fi
}

function prepopulate()
{
    dt=`date`
    while read k; do
        
        if [[ ${k} == "99.238.102.190" ]];then
            continue;
        fi
        echo "${dt}-adding prepop ip to iptables ${k} "    
        sudo ufw deny from ${k}
    done < "/var/www/BLIST/IPS.TXT"
}


LINES=-20
function process_tail()
{
    next=0
    rez=`tail ${LINES} ${MONITORED_LOG} | grep 'Failed'`
    LINES=-2
    for r in $rez; do
        if [[ $r == 'from' ]]; then
            next=1
        elif [[ $next -eq 1 ]];then
            log_ip ${r}
            next=0
        fi
    done
}


function check_oldies()
{
   echo > ${TMP_LOG}
   exec<$OUR_LOG
   cur_time=$(date +%s)

   while read line
   do
 	    if [ -z "$line" ]; then
		    continue
	    fi
        ip_black=`echo  $line | awk '{print $2}'`
 	    if [ -z "ip_black" ]; then
		    continue
	    fi
	    acc_time=`echo  $line | awk '{print $1}'`
        diff=$[ cur_time - acc_time ]
        
        echo  "-${ip_black} access time was ${diff} sec ago"

        if [ "$diff" -gt "$TIME_TO_DENY" ]; then
            dt=`date`
            echo "${dt}-deleting  ${ip_black}"
            sudo ufw delete deny from ${ip_black}
        else
            echo ${line} >> ${TMP_LOG} 
        fi
        
    done
    if [ -e "${TMP_LOG}" ]; then
        mv -f ${TMP_LOG} ${OUR_LOG}
    else
        echo > ${OUR_LOG}
    fi

    ufw status numbered
}


if [ "$1" ];then
    sudo echo > $OUR_LOG
    sudo echo > $TMP_LOG
    sudo echo > $MONITORED_LOG
    clean_rules
fi

if [ ! -f $MONITORED_LOG ];then
     echo "-nothing to monitor"
     exit
fi

if [ ! -f $TEMP_LOG ];then
    touch -r $MONITORED_LOG $TEMP_LOG
fi
 
#while inotifywait -e modify ${FOLDER}; do
echo "-ipblack running"

prepopulate

while [ 1 ]; do
    if [ $MONITORED_LOG -nt $TEMP_LOG ];then
        #echo "tailing check."
        touch -r $MONITORED_LOG $TEMP_LOG
        process_tail
    fi

    #echo "normal loop: ${n} check"
    vm=$[NN % $TIME_TO_CKECK] 
    if [[ $vm == 0 ]];then
        check_oldies
    fi

    NN=$[NN+1]
    sleep 10


done

# Update $TEMP_LOG with the new modified date of $MONITORED_LOG

